From b26a2811458f6795d1b2ae33e2bc691d3ef64afc037b560ef49cdc4c812fce46 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Fri, 6 Sep 2019 12:24:37 +0000 Subject: [PATCH] - Mozilla Thunderbird 60.9.0 * Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative. MFSA 2019-27 * Use-after-free while manipulating video CVE-2019-11746 (bmo#1564449) * XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11744 (bmo#1562033) * Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11742 (bmo#1559715) * Use-after-free while extracting a key value in IndexedDB CVE-2019-11752 (bmo#1501152) * Sandbox escape through Firefox Sync CVE-2019-9812 (bmo#1538008, bmo#1538015) * Cross-origin access to unload event attributes CVE-2019-11743 (bmo#1560495) Navigation-Timing Level 2 specification * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740 (bmo#1563133, bmo#1573160) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=482 --- MozillaThunderbird.changes | 24 ++++++++++++++++++++++++ MozillaThunderbird.spec | 4 ++-- compare-locales.tar.xz | 4 ++-- create-tar.sh | 6 +++--- l10n-60.8.0.tar.xz | 3 --- l10n-60.9.0.tar.xz | 3 +++ thunderbird-60.8.0.source.tar.xz | 3 --- thunderbird-60.8.0.source.tar.xz.asc | 17 ----------------- thunderbird-60.9.0.source.tar.xz | 3 +++ thunderbird-60.9.0.source.tar.xz.asc | 17 +++++++++++++++++ 10 files changed, 54 insertions(+), 30 deletions(-) delete mode 100644 l10n-60.8.0.tar.xz create mode 100644 l10n-60.9.0.tar.xz delete mode 100644 thunderbird-60.8.0.source.tar.xz delete mode 100644 thunderbird-60.8.0.source.tar.xz.asc create mode 100644 thunderbird-60.9.0.source.tar.xz create mode 100644 thunderbird-60.9.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index c89890d..318bdd0 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Fri Sep 6 12:09:27 UTC 2019 - Wolfgang Rosenauer + +- Mozilla Thunderbird 60.9.0 + * Offer to configure Exchange accounts for Office365. A third-party + add-on is required for this account type. IMAP still exists as alternative. + MFSA 2019-27 + * Use-after-free while manipulating video + CVE-2019-11746 (bmo#1564449) + * XSS by breaking out of title and textarea elements using innerHTML + CVE-2019-11744 (bmo#1562033) + * Same-origin policy violation with SVG filters and canvas to steal + cross-origin images + CVE-2019-11742 (bmo#1559715) + * Use-after-free while extracting a key value in IndexedDB + CVE-2019-11752 (bmo#1501152) + * Sandbox escape through Firefox Sync + CVE-2019-9812 (bmo#1538008, bmo#1538015) + * Cross-origin access to unload event attributes + CVE-2019-11743 (bmo#1560495) + Navigation-Timing Level 2 specification + * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 + CVE-2019-11740 (bmo#1563133, bmo#1573160) + ------------------------------------------------------------------- Thu Aug 1 11:12:05 UTC 2019 - Tristan Miller diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 123d655..b60ee87 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,9 +17,9 @@ # -%define mainversion 60.8.0 +%define mainversion 60.9.0 %define update_channel release -%define releasedate 20190703133823 +%define releasedate 20190902145622 %bcond_without mozilla_tb_kde4 %bcond_with mozilla_tb_valgrind diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index e4dcdc9..ade39da 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b3a37a47153044ed6f702dad451f4920496831732a26d9fb4fecc1b239b153f2 -size 28396 +oid sha256:54f7cb6e3d25e9133320a7b031b2821e4dc514fa3d6c32b76f79cca0ca1e82f5 +size 28512 diff --git a/create-tar.sh b/create-tar.sh index bdf3c43..6d588da 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,9 +2,9 @@ CHANNEL="esr60" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="ef6b0f0be269d5b7314fe9b359604c9f4f541055" -MOZ_RELEASE_TAG="eb76765892cfd646d3014e5f3b8df8c6753da2d2" -VERSION="60.8.0" +RELEASE_TAG="7df22fd675a09804bc39fe54614ca7a68ffdcd68" +MOZ_RELEASE_TAG="887a438d43fa73e603704d02ea6756ea4e69eb1d" +VERSION="60.9.0" VERSION_SUFFIX="" LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json" diff --git a/l10n-60.8.0.tar.xz b/l10n-60.8.0.tar.xz deleted file mode 100644 index e92ba44..0000000 --- a/l10n-60.8.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b5111cb9b9c07a69f34ffa43fdf76c515051a8e3dd3f3dbc41486f8090e442a3 -size 27456032 diff --git a/l10n-60.9.0.tar.xz b/l10n-60.9.0.tar.xz new file mode 100644 index 0000000..9e2b813 --- /dev/null +++ b/l10n-60.9.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ddc34550e843aab7beb40c8461451d4fbfe3bcedb832892ff11081f71abe4f2d +size 27532252 diff --git a/thunderbird-60.8.0.source.tar.xz b/thunderbird-60.8.0.source.tar.xz deleted file mode 100644 index 5985163..0000000 --- a/thunderbird-60.8.0.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1e7a13e64b63476d2235aaac6823fdab949af45cfcd5a25ee710cbae08c2f5d1 -size 285643576 diff --git a/thunderbird-60.8.0.source.tar.xz.asc b/thunderbird-60.8.0.source.tar.xz.asc deleted file mode 100644 index 3adf79e..0000000 --- a/thunderbird-60.8.0.source.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.14 (GNU/Linux) - -iQIcBAABCAAGBQJdHMn9AAoJEPGmZo+7fVcuq9AP/R/rhtQqqr1y6I9+qrJPPJJy -/fNWEOj2jIoooGh4d7hdne0elSF7ZS93BLhGSwV/AdZMdAY3cpfrmFpFV/hmswmX -KSWMWIc2EBnv4lypDAz9tiLdIh8sMnYR3sW6RdTYWg3puG1oi0Jvl0aHGx8WlLUN -9ntkMF5SLv2Mka+R1EOJ86mJW6+4s/AULRIy2BmlpHOAYMf5DrA6uelpHNhwTBjg -IJpw1yggflF2ZV6uJbX+0RgMOHg3bmnP/zDO/9wFRrYHV7DXU3GVoeHqaze8iDzI -c4SgHU69aK/yvp2hVdDuJP/5Ig0jks33ZB5p6r28oXXO5F975+V8hYEJuu0/pEX6 -jp3fY11NtnJyV8O1fYvO+TEfo8QCAaceihRPSxBuEBzwyMyTg/iVlDXjzhttCDz3 -s7fAdbDusH4LqfSYsT9jHlforPJMHrKnLbxGoExOMMTZvK8gQhiEt/L3TETOXt11 -UIFEwm6U0pq8CJHxW0TvbIi40GQ0F4pjd4KL9BS0eSy3aRJiiqMxicf962ZIGTmh -9JhzDzqjkFln6k0O24AVklUNQtwk8wxo9e9yv6mJIlradiLa8Itp1JpJgzotOKaP -Q9LrBbalbL60xduonuXHY8V9jyiEEYTkGPW+Si5Zbzo0/8wqQhoYgJKmXu7hSzy4 -AiHlIw7tCxY3ht3djoup -=KlRT ------END PGP SIGNATURE----- diff --git a/thunderbird-60.9.0.source.tar.xz b/thunderbird-60.9.0.source.tar.xz new file mode 100644 index 0000000..4ea8aa9 --- /dev/null +++ b/thunderbird-60.9.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8818180658aeb8853de4cf381700e32907b361f0958bcce78f1590c6962d2d86 +size 286400364 diff --git a/thunderbird-60.9.0.source.tar.xz.asc b/thunderbird-60.9.0.source.tar.xz.asc new file mode 100644 index 0000000..04218dc --- /dev/null +++ b/thunderbird-60.9.0.source.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.14 (GNU/Linux) + +iQIcBAABCAAGBQJdbtvuAAoJEPGmZo+7fVcuHQgQAIzta3TWhspqaHixVAruX078 +ory1MSnV81dc96IQPB5qBk/wgHPv3H0SFMxbmvdSr2NSWzbVj/W6oxRJ+rZ0JlyS +1nLqTqQrXwoSoI4er/uNAAwhbmSAgVSLx1ImTk6sIgNeofaTrS0dTo5PlFJPgosg +SmK9EjwupoWirysN1cjTbH8DxJcgYYd+S4nkdbbJY8UTruYRjrbol4fOCzvNmYB6 +2og4ZOSivsAq0m6eDbjiQvMW3dJZw5mOW0sGCs4OF8Qi16Jaa8FjCjNGRwE1e5jg +IYOS/tgON1fdfTVE4I0YlGPHqx1PH1OLeO9WjcNyW+3HMwZs2A0YrOA7I+0x8RIf +oQ4vJSKBugNF9Z0kHh3qBUD5sJt9y/++YffxzgK3Z9sqmPkyzj//R6wzk81sA2xx +Lpeb6an08+MKvgT/EoLtZ/1isnbQVTu1/hwQVr9KNWLsbxvb4vl5oteRgZpUM1Fa +9Au6Nr/CxtWV1prmOPVwfDaC5j9ca2afJWiW4VSBiY0KUXl/rvn0VXD8P7SmcqgT +J5gh9MghSdDjb8YLM5/RGaGgvEVe6nf289N5BkOfUW5uGFPpXxaLvszatTqm9kAP +ciwqNECbAeo7sdrPIS79//eR2hHlOa2Lp4WWdDcFEgHD/cCsMjdZ04Q2qf0GYmgP +/33tvnMsRIa6invZ6ONt +=q4oW +-----END PGP SIGNATURE-----